From 6a4749264a82b582d93e5258f05cb1ab8d91a878 Mon Sep 17 00:00:00 2001
From: "1437892690@qq.com" <1437892690@qq.com>
Date: Thu, 20 Nov 2025 16:59:16 +0800
Subject: [PATCH] =?UTF-8?q?[=E4=BF=AE=E5=A4=8D]=20=E6=8A=A5=E8=A1=A8?= =?UTF-8?q?=E8=A1=A8=E6=A0=BC=E5=8D=95=E5=85=83=E6=A0=BC=E5=86=85=E5=AE=B9?= =?UTF-8?q?=E5=AD=98=E5=9C=A8html=E6=A0=87=E7=AD=BE=E6=97=B6=E9=9C=80?= =?UTF-8?q?=E8=A6=81=E8=BD=AC=E4=B9=89?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
关联 #[1558568908587008]报表表格单元格内容存在html标签时需要转义 http://192.168.0.96:8090/demo/rdm.html#/bug-detail/939050947543040/939050947543057/1558568908587008
---
 .../module/report/api/GetReportTableApi.java | 7 +++++++
 .../report/util/ReportFreemarkerUtil.java | 12 ++++++------
 .../module/report/widget/DrawTable.java | 18 +++++++++++-------
 3 files changed, 24 insertions(+), 13 deletions(-)
diff --git a/src/main/java/neatlogic/module/report/api/GetReportTableApi.java b/src/main/java/neatlogic/module/report/api/GetReportTableApi.java
index b929590..da2b4fc 100644
--- a/src/main/java/neatlogic/module/report/api/GetReportTableApi.java
+++ b/src/main/java/neatlogic/module/report/api/GetReportTableApi.java
@@ -100,6 +100,13 @@ public class GetReportTableApi extends PrivateBinaryStreamApiComponentBase {
 String data = getFieldValue(e, "data");
 if (Objects.equals(tableId, data)) {
 tableContent = e;
+ String pageSize = getFieldValue(e, "pageSize");
+ if (StringUtils.isBlank(pageSize)) {
+ pageSize = getFieldValue(e, "\"pageSize\"");
+ }
+ if (StringUtils.isNotBlank(pageSize)) {
+ paramObj.put("pageSize", Integer.parseInt(pageSize));
+ }
 break;
 }
 }
diff --git a/src/main/java/neatlogic/module/report/util/ReportFreemarkerUtil.java b/src/main/java/neatlogic/module/report/util/ReportFreemarkerUtil.java
index f8602a3..6be5d04 100644
--- a/src/main/java/neatlogic/module/report/util/ReportFreemarkerUtil.java
+++ b/src/main/java/neatlogic/module/report/util/ReportFreemarkerUtil.java
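Review bot: `Integer.parseInt(pageSize)` in the added block of GetReportTableApi is unguarded, so a non-numeric `pageSize` attribute on the matched table element throws NumberFormatException out of the loop, and zero, negative or very large values are put into `paramObj` unchanged. Where the element text comes from is not visible in the hunk; if report authors can edit it, parse defensively and clamp, e.g. `int size = NumberUtils.toInt(pageSize, 0); if (size > 0) paramObj.put("pageSize", Math.min(size, MAX_PAGE_SIZE));`, with `MAX_PAGE_SIZE` standing for a limit the project chooses. The fallback lookup of the key `"\"pageSize\""` also deserves a one-line comment saying which template form produces a quoted attribute name. The enclosing method starts and ends outside the hunk.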
@@ -105,12 +105,12 @@ public class ReportFreemarkerUtil { } } } - out.write("
"); - if (sqlTime.length() > 0) { - out.write("数据库执行耗时:" + sqlTime); - } - out.write("模板渲染耗时:" + (System.currentTimeMillis() - start) + "ms; "); - out.write("
"); +// out.write("
"); +// if (sqlTime.length() > 0) { +// out.write("数据库执行耗时:" + sqlTime); +// } +// out.write("模板渲染耗时:" + (System.currentTimeMillis() - start) + "ms; "); +// out.write("
"); } } diff --git a/src/main/java/neatlogic/module/report/widget/DrawTable.java b/src/main/java/neatlogic/module/report/widget/DrawTable.java index 7e652ad..baad064 100644 --- a/src/main/java/neatlogic/module/report/widget/DrawTable.java +++ b/src/main/java/neatlogic/module/report/widget/DrawTable.java @@ -16,14 +16,12 @@ import com.alibaba.fastjson.JSON; import com.alibaba.fastjson.JSONObject; import freemarker.template.TemplateMethodModelEx; import freemarker.template.TemplateModelException; +import neatlogic.framework.util.XssUtil; import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.collections4.MapUtils; import org.apache.commons.lang3.StringUtils; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; -import java.util.Map; +import java.util.*; public class DrawTable implements TemplateMethodModelEx { // private static final Log logger = LogFactory.getLog(DrawTable.class); @@ -52,6 +50,7 @@ public class DrawTable implements TemplateMethodModelEx { public Object exec(List arguments) throws TemplateModelException { String title = null, header = null, column = null, data = null; Boolean needPage = null; + Integer disableXss = null; // SimpleSequence ss = null; List keyList = new ArrayList<>(); List headerList; @@ -66,6 +65,7 @@ public class DrawTable implements TemplateMethodModelEx { header = configObj.getString("header"); column = configObj.getString("column"); needPage = configObj.getBoolean("needPage"); + disableXss = configObj.getInteger("disableXss"); } catch (Exception ex) { // 非json格式 } @@ -102,7 +102,7 @@ public class DrawTable implements TemplateMethodModelEx { } String tableName = data; StringBuilder sb = new StringBuilder(); - sb.append("
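Review bot: The six timing lines in ReportFreemarkerUtil are commented out rather than deleted, which leaves dead code in the method and very likely leaves `sqlTime` and `start` computed but unused (their definitions are outside the hunk). Dropping the database and render timings from the generated report is reasonable, since they were written into output that every report viewer receives. If the numbers are still useful, send them to the server log through whatever logger the class has, e.g. `logger.debug("report render took {} ms", System.currentTimeMillis() - start);`, and delete the commented block.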
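Review bot: `import java.util.*;` in DrawTable replaces four explicit imports only to bring in `Objects`. A wildcard hides which types the class depends on and can start to clash when another imported package gains a class of the same name. Keeping the explicit list and adding `import java.util.Objects;` gives the same result.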
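Review bot: `disableXss` is an undocumented opt-out read from the same JSON argument as `title` and `column`, so anyone who can edit a report template can switch cell escaping off for a table. It is typed as an `Integer` compared against the magic value 1 while the neighbouring `needPage` is a `Boolean`; a Boolean flag plus a comment such as `// disableXss: true only for tables whose cells hold trusted, pre-rendered HTML` would make the intent explicit. A non-numeric value also makes `getInteger` throw inside the `try`, and the existing empty `catch` then treats the whole argument as non-JSON; how the code recovers from that is outside the hunk. The declaration in the `@@ -52,6 +50,7 @@` hunk is part of the same change.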
"); + sb.append("
"); if (StringUtils.isNotBlank(title)) { sb.append("
").append(title).append("
"); tableName = title; @@ -136,7 +136,11 @@ public class DrawTable implements TemplateMethodModelEx { for (Map tbody : tbodyList) { sb.append(""); for (String col : columnList) { - sb.append("").append(tbody.get(col)).append(""); + Object value = tbody.get(col); + if (!Objects.equals(disableXss, 1) && value instanceof String) { + value = XssUtil.escapeXss(value.toString()); + } + sb.append("").append(value).append(""); } sb.append(""); } @@ -250,7 +254,7 @@ public class DrawTable implements TemplateMethodModelEx { sb.append("});"); sb.append(""); } - sb.append("
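Review bot: `title` is still appended to the markup unescaped in `sb.append(...).append(title).append(...)`, although this commit escapes cell values for exactly that reason. The title comes from the template argument parsed above the hunk, so it should take the same path: `.append(Objects.equals(disableXss, 1) ? title : XssUtil.escapeXss(title))`. `tableName` is then assigned the raw title and its later use is not visible here. Header cells are built outside this hunk and, if they are appended the same way, need the same treatment.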
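Review bot: The `value instanceof String` guard leaves every non-String cell unescaped, so a value whose `toString()` yields markup (a JSON object or array, a CLOB wrapper, a custom type) is still written into the cell raw. Escaping the rendered text instead of the typed value closes that gap: `if (!Objects.equals(disableXss, 1) && value != null) { value = XssUtil.escapeXss(String.valueOf(value)); }`. A null cell is still appended as the text "null", as before this change. `XssUtil.escapeXss` is defined outside this diff, so confirm that it HTML-encodes rather than strips tags, since stripping would silently alter report data. The loop sits inside `exec`, which starts and ends outside the hunk.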
"); + sb.append("
"); return sb.toString(); } -- Gitee